How do I install the Tor Browser Bundle in Ubuntu?

Do not use the packages in Ubuntu's universe.

According to The Tor Project, "In the past they have not reliably been updated. That means you could be missing stability and security fixes."

Download Tor Browser Bundle from The Tor Project website

• From here, select your Language and download the 32-bit or 64-bit flavor as well as the accompanying sig file to ~/path/to/TBB_directory.

Verify GPG Signature

• Download the Tor Browser Developers GPG Public Key (which is used for signing Tor Browser Bundle packages; also see keyserver):

  gpg --keyserver keys.gnupg.net --recv-keys 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290
  

• Verify that the signature file was produced when their GPG Key signed your Tor Browser Bundle download (adjust the commands if version is not "5.0.1" or language is not "en"):

  cd ~/path/to/TBB_directory 
  gpg --verify tor-browser-linux64-5.0.1_en-US.tar.xz.asc tor-browser-linux64-5.0.1_en-US.tar.xz
  

• You should see "Good signature.." in your terminal if successful (if not, download the file again and try once more):

  gpg: Signature made Mon 17 Aug 2015 06:48:06 PM UTC
  gpg:                using RSA key D40814E0
  gpg: Good signature from "Tor Browser Developers (signing key) <[email protected]>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
       Subkey fingerprint: BA1E E421 BBB4 5263 180E  1FC7 2E1A C68E D408 14E0
  

Extract Tor Browser Bundle Package

• Right-click .tar.xz file and select "Extract Here" or:

  tar -xvf tor-browser-linux64-5.0.1_en-US.tar.xz
  

Browse The Internet using globally distributed, encrypted, and anonymous Tor network

• Open newly extracted directory, find the file start-tor-browser, and make sure it is executable.

  • Right-click > Properties > Permissions > Execute: Allow executing file as program

• Double-click start-tor-browser or:

  ./start-tor-browser
  

• Select Run if Nautilus asks you how you want to execute the `start-tor-browser' script.

Congratulations!

These are the instructions from the official Tor Browser User Manual in case the Ubuntu torbrowser-launcher package hasn't updated the gpg key that is required to install Tor Browser. When I updated the Tor Browser Developers signing key I noticed that the key that I updated will expire in less than one year.

1. Navigate to the Tor Browser download page.

2. Download the GNU/Linux .tar.xz file

3. (Recommended) Verify the file's signature. The steps for verifying the file's signature are shown below.

4. When the download is complete, extract the archive with the command tar -xf [TB archive] or with the Archive Manager.

5. Navigate to the newly extracted Tor Browser directory. Right click on start-tor-browser.desktop, open Properties and change the permission to Allow executing file as program by clicking the checkbox. Double-click the icon to start up Tor Browser for the first time.

6. Alternatively, from inside the Tor Browser directory, you can also start from the command line by running:

    ./start-tor-browser
   

---

How to verify Tor Browser's signature

Fetching the Tor Developers key

The Tor Browser team signs Tor Browser releases. Import the Tor Browser Developers signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):

gpg --auto-key-locate nodefault,wkd --locate-keys [email protected]

This should show you something like:

gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
pub   rsa4096 2014-12-15 [C] [expires: 2020-08-24]
      EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid           [ unknown] Tor Browser Developers (signing key) <[email protected]>
sub   rsa4096 2018-05-26 [S] [expires: 2020-09-12]

After importing the key, you can save it to a file (identifying it by fingerprint here):

gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290

Verifying the signature

To verify the signature of the package you downloaded, you will need to download the corresponding ".asc" signature file as well as the installer file itself, and verify it with a command that asks GnuPG to verify the file that you downloaded.

The example below assumes that you downloaded these two files to your Downloads folder.

gpgv --keyring ./tor.keyring ~/Downloads/tor-browser-linux64-9.0_en-US.tar.xz{.asc,}

The result of the command should produce something like this:

gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight Time
gpgv:                using RSA key EB774491D9FF06E2
gpgv: Good signature from "Tor Browser Developers (signing key) <[email protected]>"

NB: This PPA hasn't been updated in YEARS already (since 2017) and it is several updates behind the official Tor Browser Bundle release.

You can install TorBrowser Bundle in Ubuntu by using the TorBrowser WebUpd8 PPA. Open a terminal and copy/paste the following commands:

sudo add-apt-repository ppa:webupd8team/tor-browser
sudo apt-get update
sudo apt-get install tor-browser

Then simply launch TorBrowser from the Dash / menu.

More info: Tor Browser Bundle Ubuntu PPA